exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.9	CVE-2026-56059	WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability_CVE-2026-56059 Subscriber Arbitrary File Upload in Travel Booking	PhysCode	Travel Booking n/a	Jun 26, 2026	CVE
CRITICAL 9.9	CVE-2026-56058	WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability_CVE-2026-56058 Subscriber Arbitrary File Upload in Quform	ThemeCatcher	Quform n/a	Jun 26, 2026	CVE
CRITICAL 9.8	CVE-2026-56057	WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability_CVE-2026-56057 Subscriber PHP Object Injection in Uncanny Automator Pro	Uncanny Owl	Uncanny Automator Pro n/a	Jun 26, 2026	CVE
HIGH 8.8	CVE-2026-56055	WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability_CVE-2026-56055 Subscriber PHP Object Injection in RealHomes	InspiryThemes	RealHomes n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-56048	WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-56048 Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce	tychesoftwares	Payment Gateway Based Fees and Discounts for WooCommerce n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56047	WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-56047 Unauthenticated Cross Site Scripting (XSS) in perfmatters	Perfmatters, Powered Kinsta + GeneratePress Docs Changelog Feature requests Legal Affiliate Contact	perfmatters n/a	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-56046	WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56046 Subscriber Cross Site Scripting (XSS) in ListingPro	CridioStudio	ListingPro n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56045	WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56045 Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.	ValvePress	Automatic n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56044	WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56044 Unauthenticated Cross Site Scripting (XSS) in Blog2Social	Adenion	Blog2Social n/a	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-56043	WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56043 Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce	CusRev	Customer Reviews for WooCommerce n/a	Jun 26, 2026	CVE